Forum Discussion

Aaron_Chandra_3's avatar
Aaron_Chandra_3
Icon for Nimbostratus rankNimbostratus
May 01, 2017

ASM- Brute Force Mitigation Dynamic

Hi,   I have a situation here, the dynamic brute force mitigation we set (after a lot of trial and error) detects the login failures however the prevention policy it is applying is not constant. l...
ASM Advanced WAF
security
taunan_89710's avatar
taunan_89710
Historic F5 Account
May 04, 2017

Hello Aaron.

 

Have you enabled the clientside integrity defense checks in your prevention policy? These options do not perform rate limiting but only turns away non-browsers or bots.

 

Prevention policy methods do not engage simultaneously but in order as long as the attack continues. This could be why it is taking longer to reach the rate limiting options.

 

You could try removing the integrity check options and if this does not provide the consistency you are looking for please let us know the settings you are using.

 

Aaron_Chandra_3's avatar
Aaron_Chandra_3
Icon for Nimbostratus rankNimbostratus
May 07, 2017

yes, its from multiple ip addresses..